I have a number of simple roles in my application but they are also dependent on which chunk of data is being worked on.
I have the following hierarchy in my application
I have programs/projects as the top level of business object. The problem is that people have different roles across the different projects and different sites. There is a different site_admin at each site which is also different in each program.
So when program_id = 400 john has role=program_admin but in program_id = 200 he does not.
Within program_id = 400 and site_id = 47 he is the site_admin but not at program_id=400 and site_id in (41..46)
Obviously in the database it is quite easy as I have my application roles and I have my data_roles that are tied to the entity. I'm trying to figure out how best to do it in the CSLA authorization.
I don't want to re-read the roles based on a program_id/site_id all the time as you can jump all over the place and that would get confusing. I've contemplated appending the data_id to the role name and doing something like ProgramAdmin400, SiteAdmin400 and then trying to do the same in my authorization. It gets a little bit annoying though...
Surely someone else is doing something similar? Any suggestions.
Copyright (c) Marimer LLC